In Europe, the first data privacy considerations were brought to the European Council’s attention in 1980 as “The Organization for Economic Co-operation and Development” issued recommendations in this respect. In the document “Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data” OECD released seven principles governing data privacy, and most of them were later included in the Data Protection Directive of 1995. These principles were non-binding from the legal point of view, but in 1981, the European Council issued a treaty enforcing signatories to regulate data privacy accordingly.
As the European Union was founded in 1993, it regulated data privacy through Directive 95/46/EC or the “Data Protection Directive”. The primary purpose of the regulation was to enforce the right to privacy of any European individual and principles aimed to protect people while, at the same time, allowing freedom of speech. Various countries in the EU adopted the Directive, but most of the local implementations did not regulate electronic use. Some countries who did extend the Directive and defined proper controls for data processing in electronic environments were Italy and Germany.
In 2016, Directive 95/46 becomes repealed by Directive 2016/679 which amends some key aspects, including the definition of “personal data.”
In Directive 95/46
Initially “personal data” covered:
“any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” (art. 2 a).
However, in oncoming jurisprudence, the Court of Justice of the European Union, interpreted personal data in a broader way, including aspects related to a person’s professional life as well. Next, and furthermore, even if the data itself is only an opinion of a third party, about a certain individual, it may still be interpreted as personal data.
Example from the “Handbook on European Data Protection Law”:
“Any kind of information can be personal data provided that it relates to a person. Example: A supervisor’s assessment of an employee’s work performance, stored in the employee’s personnel file, is personal data about the employee, even though it may just reflect, in part or whole, the superior’s personal opinion, such as: “the employee is not dedicated to his work” and not hard facts, such as: “the employee has been absent from work for five weeks during the last six months.””
In the General Data Protection Regulation (EU Regulation 2016/679)
The General Data Protection Regulation adds several amendments aimed to update the former directive and enforce it. Among them, there is one regarding the definition of personal data. The new regulation adds “an online identifier” when enumerating the types of information that fall under the scope of “personal information”, clearly moving the scope to the “digital world”. Also, there are new definitions for terms like “personal data breach” and “biometric data”.
Liked this article? Follow us on LinkedIn for more, or subscribe to our newsletter.
Good reading for understanding key concepts and following on various interpretations: “Handbook on European Data Protection law”
This post was last modified on August 21, 2023 7:27 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…